Ransomware group Lapsus$ has claimed another international company among its victims — this time releasing data purportedly stolen from Samsung Electronics.
Samsung Electronics Co. announced that it had experienced a cybersecurity breach that compromised confidential company data, including source code for the functioning of its Galaxy smartphones.
After reports over the weekend that LAPSUS$, a hacker organization that stole secret information from Nvidia Corp.’s networks, had gotten entry to Samsung data, the company issued a statement. The intruders who broke into the Korean electronics giant’s computers were not identified. A spokesman claimed via text message that measures have been put in place to avoid further breaches, and that customers’ personal data has not been impacted.
Samsung stated, “There was a security breach concerning sensitive internal corporate data.” “According to our preliminary investigation, the leak involves certain source code related to the operation of Galaxy devices, but not personal information about our customers or employees.” We do not expect any effect on business or customers at this time. We’ve put in place measure to protect future mishaps, and we’ll keep serving our clients as usual.”
Late Friday, the LAPSUS$ hackers uploaded a 190GB torrent file to their Telegram channel, saying it included proprietary Samsung source code that exposed the company’s security measures. Algorithms for Samsung smartphone biometric authentication and bootloader source code to bypass some operating system protections were among the things listed.
Lapsus$ emerged just a few months ago, at first focused almost exclusively on Portuguese-language targets followed by string of high-profile victims—including Samsung, Nvidia, and Ubisoft.
“It’s all been quite erratic and unusual,” says Brett Callow, a threat analyst at the antivirus company Emsisoft. “My sense is that they are a talented but inexperienced operation. Whether they will seek to expand and bring on affiliates or keep it small and lean remains to be seen.”